java.lang.Object
  org.jsslutils.sslcontext.DefaultSSLContextFactory
    org.jsslutils.sslcontext.X509SSLContextFactory
      org.jsslutils.sslcontext.PKIXSSLContextFactory
public class PKIXSSLContextFactory
This class is a factory that provides methods for creating an SSLContext configured with the settings set in this factory, using the PKIX algorithm for both the key manager and the trust manager. These managers are created from the KeyStores passed to the constructor. This implementation builds a trust store that supports revocation and CRLs; see the CRL-related methods. The "org.jsslutils.prop.crlReloadInterval" system property may be used to configure the reload interval, in seconds, for CRLs that are reloaded automatically (with a value of 0 they are not reloaded).
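The JDK mechanism this description refers to (a PKIX trust manager fed CRLs through a CertStore), written against the standard `java.security.cert` and `javax.net.ssl` APIs only. This is an added example, not jsslutils source code; the class name `PkixCrlTrustExample`, its `build` helper and the command-line arguments are assumptions made for illustration, and no key manager is configured.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Added illustration: hypothetical class, not part of org.jsslutils.
public class PkixCrlTrustExample {

    /** Builds an SSLContext whose PKIX trust manager consults the given CRLs. */
    static SSLContext build(KeyStore trustStore, Collection<? extends CRL> crls,
                            boolean enableRevocation) throws Exception {
        // Trust anchors are taken from the trusted certificate entries of the store.
        PKIXBuilderParameters pkix =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        // With revocation enabled, the default JDK provider rejects a chain
        // whose revocation status it cannot determine (e.g. no CRL for an issuer).
        pkix.setRevocationEnabled(enableRevocation);
        // CRLs reach the validator through a "Collection" CertStore. The
        // collection is referenced, not copied, so later additions are visible.
        pkix.addCertStore(CertStore.getInstance(
                "Collection", new CollectionCertStoreParameters(crls)));

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // trust side only
        return ctx;
    }

    /** Parses one DER- or PEM-encoded CRL; the caller closes the stream. */
    static CRL loadCrl(InputStream in) throws Exception {
        return CertificateFactory.getInstance("X.509").generateCRL(in);
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: trust store path, its password, CRL file path.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        Set<CRL> crls = new HashSet<>();
        try (InputStream in = new FileInputStream(args[2])) {
            crls.add(loadCrl(in));
        }
        SSLContext ctx = build(trustStore, crls, true);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```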
Nested Class Summary |
---|
Nested classes/interfaces inherited from interface org.jsslutils.sslcontext.SSLContextFactory |
---|
SSLContextFactory.SSLContextFactoryException |
Field Summary | |
---|---|
static String |
CRL_RELOAD_INTERVAL_PROP
|
protected Set<CRL> |
crlCollection
|
protected boolean |
enableRevocation
|
Fields inherited from class org.jsslutils.sslcontext.DefaultSSLContextFactory |
---|
CONTEXT_PROTOCOL_NAME_PROP, CONTEXT_PROVIDER_NAME_PROP, SECURERANDOM_ALGORITHM_PROP, SECURERANDOM_PROVIDER_NAME_PROP |
Constructor Summary | |
---|---|
PKIXSSLContextFactory()
|
|
PKIXSSLContextFactory(KeyStore keyStore,
char[] keyPassword,
KeyStore trustStore)
Builds an SSLContextFactory using the PKIX algorithm in the TrustManagerFactory. |
|
PKIXSSLContextFactory(KeyStore keyStore,
char[] keyPassword,
KeyStore trustStore,
boolean enableRevocation)
Builds an SSLContextFactory using the PKIX algorithm in the TrustManagerFactory. |
|
PKIXSSLContextFactory(KeyStore keyStore,
String keyPassword,
KeyStore trustStore)
Builds an SSLContextFactory using the PKIX algorithm in the TrustManagerFactory. |
|
PKIXSSLContextFactory(KeyStore keyStore,
String keyPassword,
KeyStore trustStore,
boolean enableRevocation)
Builds an SSLContextFactory using the PKIX algorithm in the TrustManagerFactory. |
Method Summary | |
---|---|
void |
addCrl(CRL crl)
Adds a CRL to the collection used by getCrlCollection() (and thus the trust manager by default). |
void |
addCrl(InputStream crlInputStream)
Adds a CRL from an InputStream to the collection used by getCrlCollection() (and thus the trust manager by default). |
void |
addCrl(String crlUrl)
Adds a CRL from a URL to the collection used by getCrlCollection() (and thus the trust manager by default). |
void |
addCrl(String crlUrl,
long reloadInterval)
Adds a CRL from a URL to the collection used by getCrlCollection() (and thus the trust manager by default); this CRL will be reloaded periodically. |
void |
addCrlCollection(Collection<? extends CRL> crlCollection)
Adds CRLs to the collection used by getCrlCollection() (and thus the trust manager by default). |
Callable<X509CRL> |
addReloadableCrl(String crlUrl)
Adds a CRL from a URL to the collection used by getCrlCollection() (and thus the trust manager by default). |
protected CertStore |
getCertStore()
Returns the CertStore added to the PKIXParameters in getPKIXParameters(). |
Collection<? extends CRL> |
getCrlCollection()
Returns the Collection of X509CRLs used to initialise the CollectionCertStoreParameters used in getCertStore(). |
protected PKIXParameters |
getPKIXParameters()
Returns the PKIXParameters used for initialising the ManagerFactoryParameters in getTrustParams(). |
protected TrustManager[] |
getRawTrustManagers()
Builds TrustManagers from the trust store provided in the constructor, using a PKIX TrustManagerFactory. |
protected ManagerFactoryParameters |
getTrustParams()
Returns the ManagerFactoryParameters used for initialising the TrustManagerFactory in getTrustManagers(). |
CRL |
loadCrl(InputStream crlInputStream)
Builds a CRL object from an InputStream. |
CRL |
loadCrl(String crlUrl)
Builds a CRL object from a URL. |
Methods inherited from class org.jsslutils.sslcontext.X509SSLContextFactory |
---|
configure, getKeyManagers, getKeyStore, getRawKeyManagers, getTrustManagers, getTrustStore, setKeyManagerWrapper, setKeyPassword, setKeyPasswordCallbackHandler, setKeyStore, setKeyStorePasswordCallbackHandler, setTrustManagerWrapper, setTrustStore, setTrustStorePasswordCallbackHandler |
Methods inherited from class org.jsslutils.sslcontext.DefaultSSLContextFactory |
---|
buildSSLContext, buildSSLContext, clone, getContextProtocol, getContextProvider, getDefaultSecureRandomAlgorithm, getSecureRandom, getSecureRandomProvider, setSecureRandom |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String CRL_RELOAD_INTERVAL_PROP
protected boolean enableRevocation
protected Set<CRL> crlCollection
Constructor Detail |
---|
public PKIXSSLContextFactory()
public PKIXSSLContextFactory(KeyStore keyStore, char[] keyPassword, KeyStore trustStore, boolean enableRevocation)
Parameters:
keyStore - KeyStore that contains the key.
keyPassword - password to the key.
trustStore - KeyStore that contains the trusted X.509 certificates.
enableRevocation - sets whether certificate revocation should be enabled.
public PKIXSSLContextFactory(KeyStore keyStore, String keyPassword, KeyStore trustStore, boolean enableRevocation)
Parameters:
keyStore - KeyStore that contains the key.
keyPassword - password to the key.
trustStore - KeyStore that contains the trusted X.509 certificates.
enableRevocation - sets whether certificate revocation should be enabled.
public PKIXSSLContextFactory(KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
Parameters:
keyStore - KeyStore that contains the key.
keyPassword - password to the key.
trustStore - KeyStore that contains the trusted X.509 certificates.
public PKIXSSLContextFactory(KeyStore keyStore, String keyPassword, KeyStore trustStore)
Parameters:
keyStore - KeyStore that contains the key.
keyPassword - password to the key.
trustStore - KeyStore that contains the trusted X.509 certificates.
Method Detail |
---|
protected TrustManager[] getRawTrustManagers() throws SSLContextFactory.SSLContextFactoryException
Overrides: getRawTrustManagers in class X509SSLContextFactory
Throws: SSLContextFactory.SSLContextFactoryException
protected ManagerFactoryParameters getTrustParams() throws SSLContextFactory.SSLContextFactoryException
Throws: SSLContextFactory.SSLContextFactoryException
protected PKIXParameters getPKIXParameters() throws SSLContextFactory.SSLContextFactoryException
Throws: SSLContextFactory.SSLContextFactoryException
protected CertStore getCertStore() throws SSLContextFactory.SSLContextFactoryException
Throws: SSLContextFactory.SSLContextFactoryException
public Collection<? extends CRL> getCrlCollection() throws SSLContextFactory.SSLContextFactoryException
Throws: SSLContextFactory.SSLContextFactoryException
public void addCrlCollection(Collection<? extends CRL> crlCollection) throws SSLContextFactory.SSLContextFactoryException
Parameters:
crlCollection - collection of CRLs to add.
Throws: SSLContextFactory.SSLContextFactoryException
public void addCrl(CRL crl) throws SSLContextFactory.SSLContextFactoryException
Parameters:
crl - CRL to add.
Throws: SSLContextFactory.SSLContextFactoryException
public void addCrl(InputStream crlInputStream) throws SSLContextFactory.SSLContextFactoryException
Parameters:
crlInputStream - InputStream containing the CRL to read (this is not closed by this method).
Throws: SSLContextFactory.SSLContextFactoryException
public void addCrl(String crlUrl) throws SSLContextFactory.SSLContextFactoryException, MalformedURLException, IOException
Parameters:
crlUrl - URL of the CRL to fetch.
Throws: SSLContextFactory.SSLContextFactoryException, IOException, MalformedURLException
public void addCrl(String crlUrl, long reloadInterval) throws SSLContextFactory.SSLContextFactoryException, MalformedURLException, IOException
Parameters:
crlUrl - URL of the CRL to fetch.
reloadInterval - number of seconds between reloads.
Throws: SSLContextFactory.SSLContextFactoryException, MalformedURLException, IOException
public Callable<X509CRL> addReloadableCrl(String crlUrl) throws SSLContextFactory.SSLContextFactoryException, MalformedURLException, IOException
Parameters:
crlUrl - URL of the CRL to fetch.
Throws: SSLContextFactory.SSLContextFactoryException, MalformedURLException, IOException
public CRL loadCrl(InputStream crlInputStream) throws SSLContextFactory.SSLContextFactoryException
Parameters:
crlInputStream - InputStream containing the CRL to read (this is not closed by this method).
Throws: SSLContextFactory.SSLContextFactoryException
public CRL loadCrl(String crlUrl) throws SSLContextFactory.SSLContextFactoryException, IOException, MalformedURLException
Parameters:
crlUrl - URL of the CRL to fetch.
Throws: SSLContextFactory.SSLContextFactoryException, IOException, MalformedURLException